Some 4,50,000 Yahoo users’ email addresses and passwords have been stolen because of a security breach.
The company said in a statement that an “old file” from the Yahoo Contributor Network, a content-sharing platform, was compromised Wednesday. Among the stolen emails and passwords were many from Yahoo’s own email service along with those of other companies.
Yahoo said it is fixing the vulnerability that led to the disclosure, changing the passwords of affected Yahoo users, and notifying other companies whose users’ accounts may have been compromised. However, Yahoo stated that only 5 percent of passwords associated with its account holders were valid.
Technology news websites identified the hackers behind the attack as a little-known outfit calling itself the D33D Company. The group was quoted as saying it had stolen the unencrypted passwords using an SQL injection – using rogue commands to extract data from vulnerable websites.